Sophos Central customers have reported issues preventing successful installation, live terminal and device list access issues in the EU-CENTRAL-1 region For more info refer to KBA-000041338 for the latest updates.

Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos endpoint using high cpu when updating windows

Tri Nguyen2

Hi sophos team.
I have an issue with sophos endpoint.
The computer is so lagged when updating windows. Sophos endpoint defense software and sophos file scanner took over 50% cpu, do we have settings to bypass scanning update from window.

The endpoint is the latest version.

task manager



This thread was automatically locked due to age.
  • 0

    Thank you for reaching out to the community forum.

    Aside from the Windows update, is there any other activity going on while you experience the issue?

    Also, may we know the specs of the device that has this behavior? 

    Glenn ArchieSeñas (GlennSen)
    Global Community Support Engineer

    The New Home of Sophos Support Videos!  Visit Sophos Techvids
  • 0

    I assume all the work is by tiworker.exe which has the "file description" "Windows Modules Installer Worker" which is what this Processes view of TaskManager shows.

    If this process during a Windows update is creating a lot of reg keys/values and files, SSPService is subjected to a lot of regkeycreate and regvaluewrite operations. Plus all the new files. These operations are all journaled.  The activity from SophosFileScanner.exe would suggest many of the files are being scanned as well.

    If you wanted to test the behaviour with tiworker.exe excluded as a process. I.e. it is referenced in OnAccessExcludeProcessPaths under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sophos Endpoint Defense\Scanning\Config once the policy comes down.

    As to if this is a secure approach is another question but, could be tested.